Solved

Kismet configuration for linksys router

Posted on 2011-10-24
Last Modified: 2013-11-29
Hi,

I am trying to configure kismet to put an intrusion detection system in place for our wireless network. When I start kismet server, I get an error that source is not defined and that I should add source to kismet.config

I thought Kismet is going to autodetect the driver and supported channels for a capture source. Kismet is installed on a centos server on the network.

We use Linksys WAP54G for our wireless needs. Do I need to add a capture source in the kismet.conf file, and how do I do it? Or am I missing something which is stopping kismet from automatically detecting the capture source?

Thanks !
0
Question by:pratz09
17 Comments
 
LVL 19

Expert Comment

by:xterm
ID: 37020590
From the documentation:

Capture sources may be added via the Kismet UI under the "Add Source"
    option, in which case the options may be added under the "Options:"
    field, comma separated.  They may also be defined in the kismet.conf
    configuration file as the "ncsource=" option, such as:
        ncsource=wlan0:option1=foo,option2=bar

Does your CentOS server have a working wireless card or USB dongle in it?  You can run 'iwconfig' on the server, and then you should find which interface the system associates with the wireless:

colinb@laptop:~$ iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

eth1      IEEE 802.11g  ESSID:"mynetwork"  
          Mode:Managed  Frequency:2.462 GHz  Access Point: 68:7F:74:B4:E2:ED  
          Bit Rate:48 Mb/s   Tx-Power=20 dBm   Sensitivity=8/0  
          Retry limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=88/100  Signal level=-42 dBm  Noise level=-80 dBm
          Rx invalid nwid:0  Rx invalid crypt:56  Rx invalid frag:0
          Tx excessive retries:558  Invalid misc:0   Missed beacon:8

pan0      no wireless extensions.

As you can see for mine, it's eth1.  So I'd add to my config file:

  ncsource=eth1

Then the next time you launch kismet, it should work.
0
 
LVL 19

Expert Comment

by:xterm
ID: 37020720
Sorry, I lied to you - you need to configure source=<card type>

So for instance, my broadcom wireless device would be:

source=bcm43xx

If you look in /usr/share/doc/kismet*/README (may be README.gz) you can find a list of all the interface types by searching on "Capture Sources"
0
 
LVL 19

Accepted Solution

by:
xterm earned 2000 total points
ID: 37020751
I apologize, but I was again speaking out of turn:

The syntax is:

source=<type>,<interface>,<channel>

So something like:

source=bcm43xx,eth1,1

You will need to get the channel list for your device to configure the 3rd field.

0

 

Author Comment

by:pratz09
ID: 37020835
Whoops! I just tested the wireless card on the server and apparently it's not functional. That's probably why Kismet was not able to autodetect, because it cannot receive packets from any wireless device.

Well, my work laptop has a wireless card in it. It runs Windows 7, can I install VMplayer and a Linux on it and then install Kismet? Theoretically it should be able to capture the packets, and do intrusion detection. Doesn't matter if it is on a server or a laptop, right?

Thanks for above responses, that's good information.
0
 
LVL 19

Expert Comment

by:xterm
ID: 37020884
Wouldn't it be easier to build the Windows version of kismet in Cygwin and run it natively?

Or just get a cheap USB wireless dongle for the CentOS box?

The problem with Linux in a VM is that VMWare itself will NAT the host OS routing to the Linux VM.  I don't think it would actually access the wireless device directly, but instead simply route out through the NAT via the Windows host wireless network connection.



0
 

Author Comment

by:pratz09
ID: 37021041
You are absolutely right. And I searched for it. I found this article: http://www.renderlab.net/projects/wrt54g/kismetonwindows.html 

It had a lot of references on other websites too, but when I go to the Cacetech downloads webpage and try to download AirPcap-Enabled Open Source Tools Kismet 2009-06-R1 Windows Installer, it gives me a 404 error. So I thought it's not supported anymore. Any pointers?

I have DW1501 Wireless-N WLAN Half-Mini Card by Broadcom on my Dell laptop, I am hoping it supports RF monitor mode.

Thanks a lot !
0
 
LVL 19

Expert Comment

by:xterm
ID: 37021160
I didn't know there was a binary installer for Windows - my thought is to get it to work, you'd need to install the Cygwin environment with the gcc compiler, tar, gzip, etc.   Then you'd be able to uncrunch the source archive from the regular Kismet download site and build the binary yourself.

Like I said, it's a whole lot of work.  I'd personally recommend just getting an inexpensive supported USB wireless adapter for your CentOS server, since Kismet is already installed there and ready to roll.

Not to mention, Linux is far easier to script to actually DO something if it detects an intrusion - I'm not sure what exactly Windows capabilities are in that area.
0
 

Author Comment

by:pratz09
ID: 37021199
Actually the CentOS server is on a virtual machine too. I was assuming that it won't matter if CentOS is on a VM, because it will still have access to the WiFi card on the physical machine. Even if I try to make the USB adapter work with the virtual machine, getting approval for the USB will take time.

So might as well try to install Kismet on windows then ? Or should I try the Linux on VM method ?

Really appreciate your help here.
0
 
LVL 19

Expert Comment

by:xterm
ID: 37021233
I would try to install Kismet on Windows personally since we know that should work.  I can't say for sure whether the Linux VM would ever be able to access that wireless device.
0
 

Author Comment

by:pratz09
ID: 37024965
Hi,

Sorry for replying late. I finally found installation files for Windows here: http://www.airdemon.net/riverbed.html I had to install AirPcap and Winpcap before I could install kismet. I was able to install kismet but when I run it, I get a lot of errors (please see attached).
Kismet-Error-ScrnShot.png
0
 
LVL 19

Expert Comment

by:xterm
ID: 37024991
It's the same thing as you were getting originally on your CentOS box - you need to configure the source= line in kismet.conf.  I think there was a sample in the documentation you sent me here http://www.renderlab.net/projects/wrt54g/kismetonwindows.html
0
 

Author Comment

by:pratz09
ID: 37026581
First off, I really appreciate your patience here.

There are some things I do not understand in this error window. First, why is it referring to locations /usr/local/etc/... ? There is no path like that in kismet installation directory. Second the last line says "Error opening terminal: cygwin". At this point, I installed kismet as a standalone windows application and I am not using cygwin then why is it referring to cygwin ?

I tried editing kismet.conf file and added ncsource=BCM43XX,bus3,1 because I have broadcom device as well and in the properties I see it is on bus 3 and supports channel 1,2,5.5, 11. Doesn't work.
0
 
LVL 19

Expert Comment

by:xterm
ID: 37026642
I'm guessing at a lot of this, because I don't know/use Windows, but:

1)  I don't think "Error opening terminal:  cygwin" error matters yet, as the last error was actually the fact that no source was found in your config file
2)  The default location in the Unix environment is probably /usr/local/etc/kismet.conf, but I don't know that you have to worry about that - we just need to be sure that kismet does in fact know where your kismet.conf file is.  If you are running it from the directory where kismet.conf is, it should be able to find it.
3)  I believe your source line should be just "source=", not "ncsource=".  Let's change that and see if the error changes at all



0
 

Author Comment

by:pratz09
ID: 37026863
Why is it not working man. It does not recognize the change I make I guess.

I get this configuration window, from which I open Kismet.conf and edit it. But it saves in Program Files/Kismet directory, from where I run KismetRunner.  Configuration Window
0
 
LVL 19

Expert Comment

by:xterm
ID: 37026970
I just read the README (your version is newer than mine).  I think you need to use your newly installed AirPcap as the source, and you have to use the new source syntax.  Try this:

ncsource=airpcap

0
 

Author Closing Comment

by:pratz09
ID: 37027183
AirPcap does not recognize my inbuilt wireless card. I think it's a big road block or maybe the core of the problem all along. I don't understand why it is hard. I am not a network engineer, but as I understand it, it simply needs to capture packets floating around and analyze them after dissection.

I was thinking of AirPcap as a driver which enables my wireless card to capture packet in a particular format, but looks like AirPcap sell USB adapters to do it.

I am closing this question, because you have already answered the main question of how to do it on Linux and have been kind enough to answer my additional queries. I will be opening another question to install it using cygwin, which will probably be my last attempt to run Kismet on Windows.

Thanks a lot !! Really appreciate it.
0
 
LVL 19

Expert Comment

by:xterm
ID: 37027394
Any time, I wish we could've gotten it working.  Best of luck to you!
0
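
An added example, not part of the thread and not Kismet's own code: a small checker for the two problems that recur above, a kismet.conf without a usable capture source line and uncertainty about which interface is actually wireless. It assumes the `ncsource=interface:option=value,...` form quoted from the documentation and the `iwconfig` output layout shown in the first reply; both sample inputs are constructed.

```python
import re

# Constructed sample of `iwconfig` output, in the layout shown in the thread.
SAMPLE_IWCONFIG = """\
lo        no wireless extensions.
eth1      IEEE 802.11g  ESSID:"mynetwork"
          Mode:Managed  Frequency:2.462 GHz
pan0      no wireless extensions.
"""

# Constructed kismet.conf fragment: a misspelled key, the older source=
# form, and an ncsource= line that names a non-wireless interface.
SAMPLE_CONF = """\
# capture sources
nsource=eth1
source=bcm43xx,eth1,1
ncsource=eth0:option1=foo,option2=bar
"""

def wireless_interfaces(iwconfig_text):
    """Return interface names that iwconfig reports as 802.11 devices."""
    return re.findall(r"^(\S+)\s+IEEE 802\.11", iwconfig_text, re.MULTILINE)

def check_sources(conf_text, wifi_ifaces):
    """Return (sources, warnings) for the capture source lines in a kismet.conf."""
    sources, warnings = [], []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if key == "ncsource":
            iface, _, opts = value.partition(":")
            options = dict(o.split("=", 1) for o in opts.split(",") if "=" in o)
            sources.append((iface, options))
            if iface not in wifi_ifaces:
                warnings.append(f"line {n}: {iface} is not a wireless interface")
        elif key == "source":
            warnings.append(f"line {n}: older source= syntax, not ncsource=")
        elif key.endswith("source"):
            warnings.append(f"line {n}: unknown key {key!r}")
    if not sources:
        warnings.append("no ncsource= line defined")
    return sources, warnings

if __name__ == "__main__":
    print(check_sources(SAMPLE_CONF, wireless_interfaces(SAMPLE_IWCONFIG)))
```

The interface check only makes sense on Linux, where `iwconfig` is available; a source such as `ncsource=airpcap` on Windows will be reported as not matching any wireless interface.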
